Privacy Policy

1. What We Collect

• Account info: Email address and display name (via Google OAuth or magic link)
• Onboarding responses: Your answers to the 16 intake questions — used solely to personalize your program
• Conversations: Messages between you and Dr. Maya — stored to maintain session continuity
• Progress data: Daily self-reported scores and milestone tracking
• Payment info: Processed entirely by Stripe — we never see or store your card number

2. How We Use Your Data

Your data is used exclusively to provide and improve your coaching experience. We use your onboarding answers and conversation history to personalize Dr. Maya's guidance. We do not use your data for advertising, marketing to third parties, or AI model training.

3. Data Storage & Security

All data is stored in Supabase (hosted on AWS) with encryption at rest enabled by default. All connections use TLS 1.3. Access to the database is restricted to application-level service accounts with Row Level Security (RLS) enforcing per-user data isolation.

4. Third-Party Services

• Anthropic (Claude API): Processes your messages to generate Dr. Maya's responses. Anthropic does not use API data for model training.
• Stripe: Handles payment processing. Subject to Stripe's Privacy Policy.
• Supabase: Database and authentication provider with SOC 2 compliance.

5. Session Amnesia

You can delete individual conversations or all your data at any time from the Settings page. When you delete data, it is permanently removed from our database within 30 days (including backups).

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all data is permanently removed. Inactive accounts (no login for 12 months) may be flagged for deletion with 30 days advance notice via email.

7. Your Rights

You have the right to access, export, or delete your data at any time. For data export requests or questions, contact us at privacy@endura.app.